25
25
runs-on : ubuntu-24.04
26
26
steps :
27
27
- name : Check out repo
28
- uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
28
+ uses : actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
29
29
with :
30
30
ref : ${{ github.event.pull_request.head.sha }}
31
31
@@ -100,7 +100,7 @@ jobs:
100
100
echo "has_secrets=$has_secrets" >> $GITHUB_OUTPUT
101
101
102
102
- name : Check out repo
103
- uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
103
+ uses : actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
104
104
with :
105
105
ref : ${{ github.event.pull_request.head.sha }}
106
106
@@ -169,7 +169,7 @@ jobs:
169
169
uses : docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
170
170
171
171
- name : Set up Docker Buildx
172
- uses : docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
172
+ uses : docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
173
173
174
174
# ######### ACRs ##########
175
175
- name : Log in to Azure
@@ -252,7 +252,7 @@ jobs:
252
252
253
253
- name : Install Cosign
254
254
if : github.event_name != 'pull_request' && github.ref == 'refs/heads/main'
255
- uses : sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2
255
+ uses : sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0
256
256
257
257
- name : Sign image with Cosign
258
258
if : github.event_name != 'pull_request' && github.ref == 'refs/heads/main'
@@ -269,14 +269,14 @@ jobs:
269
269
270
270
- name : Scan Docker image
271
271
id : container-scan
272
- uses : anchore/scan-action@2c901ab7378897c01b8efaa2d0c9bf519cc64b9e # v6.2.0
272
+ uses : anchore/scan-action@1638637db639e0ade3258b51db49a9a137574c3e # v6.5.1
273
273
with :
274
274
image : ${{ steps.image-tags.outputs.primary_tag }}
275
275
fail-build : false
276
276
output-format : sarif
277
277
278
278
- name : Upload Grype results to GitHub
279
- uses : github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
279
+ uses : github/codeql-action/upload-sarif@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3
280
280
with :
281
281
sarif_file : ${{ steps.container-scan.outputs.sarif }}
282
282
sha : ${{ contains(github.event_name, 'pull_request') && github.event.pull_request.head.sha || github.sha }}
@@ -294,7 +294,7 @@ jobs:
294
294
actions : read
295
295
steps :
296
296
- name : Check out repo
297
- uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
297
+ uses : actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
298
298
with :
299
299
ref : ${{ github.event.pull_request.head.sha }}
300
300
@@ -420,7 +420,7 @@ jobs:
420
420
- win-x64
421
421
steps :
422
422
- name : Check out repo
423
- uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
423
+ uses : actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
424
424
with :
425
425
ref : ${{ github.event.pull_request.head.sha }}
426
426
@@ -484,7 +484,7 @@ jobs:
484
484
uses : bitwarden/gh-actions/azure-logout@main
485
485
486
486
- name : Trigger self-host build
487
- uses : actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
487
+ uses : actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
488
488
with :
489
489
github-token : ${{ steps.retrieve-secret-pat.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
490
490
script : |
@@ -525,7 +525,7 @@ jobs:
525
525
uses : bitwarden/gh-actions/azure-logout@main
526
526
527
527
- name : Trigger k8s deploy
528
- uses : actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
528
+ uses : actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
529
529
with :
530
530
github-token : ${{ steps.retrieve-secret-pat.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
531
531
script : |
0 commit comments